firefox-60.2.0-1.0.1.AXS4
Errata ID: AXSA:2018-3323:06
Release date:
2018/09/19 Wednesday - 11:19
Title:
firefox-60.2.0-1.0.1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
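The following issues have been addressed.
[Security Fix]
- Tor Browser has a vulnerability, also known as TorMoil, that allows a remote
attacker to bypass the browser's anonymization mechanism and identify the
client's IP address via a crafted website that exploits Firefox's improper
handling of file://. (CVE-2017-16541)
- Information on CVE-2018-12376 has not been published at this time.
We will update this entry as soon as the CVE information is published.
- Information on CVE-2018-12377 has not been published at this time.
We will update this entry as soon as the CVE information is published.
- Information on CVE-2018-12378 has not been published at this time.
We will update this entry as soon as the CVE information is published.
- Information on CVE-2018-12379 has not been published at this time.
We will update this entry as soon as the CVE information is published.
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.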
CVE:
CVE-2017-16541
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
CVE-2018-12376
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
CVE-2018-12377
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
CVE-2018-12378
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
CVE-2018-12379
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Additional information:
N/A
Download:
SRPMS
- firefox-60.2.0-1.0.1.AXS4.src.rpm
MD5: 72e761e46c41b15742435f1bbb3ebe2c
SHA-256: 10f7a0c0faa85bd8f949643c60a94fa41d63f2f4c6cd51265d986c84d9886743
Size: 415.66 MB
Asianux Server 4 for x86
- firefox-60.2.0-1.0.1.AXS4.i686.rpm
MD5: 22c48cd76e704e73679b05131b3c1b46
SHA-256: c293e341f814c312c1d538d11de1b791a3dca349e3992aca93285d5d909a676c
Size: 114.49 MB
Asianux Server 4 for x86_64
- firefox-60.2.0-1.0.1.AXS4.x86_64.rpm
MD5: 1d0f0cd57bcac8cbc7167ea278386c8c
SHA-256: 7d596805b08aea2434e2b0bbe17010ad64e8d6952a30946f9ff682d8f551a865
Size: 114.65 MB
- firefox-60.2.0-1.0.1.AXS4.i686.rpm
MD5: 22c48cd76e704e73679b05131b3c1b46
SHA-256: c293e341f814c312c1d538d11de1b791a3dca349e3992aca93285d5d909a676c
Size: 114.49 MB